How to enable Audit Failure logs in Active Directory?

Do this on the "Default Domain Controller" Policy to apply to the DCs.


Note that in Win2008 server and above, you need to use the "Advanced Audit Policy Configuration" options in the GPO. See screenshot:

Screenshot


Yes, you need to edit the Default Domain Controller policy; otherwise you need to create a new GPO and link it to the Domain Controllers OU. Once you have done it in either of these two ways, you need to watch the User Account Management events:

4740 - for locked out.

4767 - for unlocked.

Refer to this article http://www.morgantechspace.com/2013/08/how-to-enable-active-directory-change.html to learn how to enable auditing in Active Directory,

and for the complete event ID list see http://www.morgantechspace.com/2013/08/active-directory-change-audit-events.html
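
One way to confirm on a domain controller that the User Account Management audit setting took effect, and to list the 4740 and 4767 events mentioned above. This is an added example, not part of the original answers. It assumes an elevated PowerShell session on the DC, English-language `auditpol` output, and a 24-hour look-back window.

```powershell
# Added example; run in an elevated PowerShell session on a domain controller.
# Show the effective setting the GPO applied for this subcategory.
$policy = auditpol /get /subcategory:"User Account Management"
$policy

# Assumption: English-language auditpol output for this text match.
if ($policy -match 'No Auditing') {
    Write-Warning 'User Account Management is not audited; 4740/4767 will not be logged.'
}

# Assumption: 24-hour look-back window; adjust as needed.
$since = (Get-Date).AddHours(-24)

# Get-WinEvent raises an error when nothing matches, so suppress it
# and test for an empty result instead.
$events = Get-WinEvent -FilterHashtable @{
    LogName   = 'Security'
    Id        = 4740, 4767
    StartTime = $since
} -ErrorAction SilentlyContinue

if (-not $events) {
    Write-Output "No 4740/4767 events since $since."
}
else {
    $events | ForEach-Object {
        # Flatten the named EventData fields of the event into a hashtable.
        $fields = @{}
        foreach ($d in ([xml]$_.ToXml()).Event.EventData.Data) {
            $fields[$d.Name] = $d.'#text'
        }
        [pscustomobject]@{
            Time         = $_.TimeCreated
            EventId      = $_.Id
            Action       = if ($_.Id -eq 4740) { 'Locked out' } else { 'Unlocked' }
            Account      = $fields['TargetUserName']
            # For 4740 this field holds the caller computer name.
            TargetDomain = $fields['TargetDomainName']
            ChangedBy    = $fields['SubjectUserName']
        }
    } | Sort-Object Time | Format-Table -AutoSize
}
```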